Vulnerabilities > Testlink > Testlink > 1.9.20
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-04-27 | CVE-2020-12274 | Improper Input Validation vulnerability in Testlink 1.9.20 In TestLink 1.9.20, the lib/cfields/cfieldsExport.php goback_url parameter causes a security risk because it depends on client input and is not constrained to lib/cfields/cfieldsView.php at the web site associated with the session. | 7.5 |
2020-04-27 | CVE-2020-12273 | Insufficiently Protected Credentials vulnerability in Testlink 1.9.20 In TestLink 1.9.20, a crafted login.php viewer parameter exposes cleartext credentials. | 5.0 |
2020-04-03 | CVE-2020-8639 | Unrestricted Upload of File with Dangerous Type vulnerability in Testlink 1.9.20 An unrestricted file upload vulnerability in keywordsImport.php in TestLink 1.9.20 allows remote attackers to execute arbitrary code by uploading a file with an executable extension. | 6.5 |
2020-04-03 | CVE-2020-8638 | SQL Injection vulnerability in Testlink 1.9.20 A SQL injection vulnerability in TestLink 1.9.20 allows attackers to execute arbitrary SQL commands in planUrgency.php via the urgency parameter. | 7.5 |
2020-04-03 | CVE-2020-8637 | SQL Injection vulnerability in Testlink 1.9.20 A SQL injection vulnerability in TestLink 1.9.20 allows attackers to execute arbitrary SQL commands in dragdroptreenodes.php via the node_id parameter. | 7.5 |